Export limit exceeded: 364816 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364816 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-15395 1 Ibm 1 Jazz Foundation 2026-02-11 4.3 Medium
IBM Jazz Foundation 7.0.3 through 7.0.3 iFix019 and 7.1.0 through 7.1.0 iFix005 is vulnerable to access control violations that allows the users to view or access/perform actions beyond their expected capability.
CVE-2025-36253 2 Ibm, Linux 2 Concert, Linux Kernel 2026-02-11 5.9 Medium
IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVE-2025-70958 2 Intelliants, Subrion 2 Subrion Cms, Cms 2026-02-11 6.1 Medium
Multiple reflected cross-site scripting (XSS) vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters.
CVE-2025-70959 1 Tendenci 2 Cms, Tendenci 2026-02-11 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.
CVE-2025-70960 1 Tendenci 2 Cms, Tendenci 2026-02-11 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Forums module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.
CVE-2025-59818 1 Zenitel 3 Tcis-3, Tcis-3+, Tcis-3 Firmware 2026-02-11 10 Critical
This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file.
CVE-2025-70545 1 Belden 3 Ont 2k05x Router, Ppc 2k05x, Ppc 2k05x Firmware 2026-02-11 6.1 Medium
A stored cross-site scripting (XSS) vulnerability exists in the web management interface of the PPC (Belden) ONT 2K05X router running firmware v1.1.9_206L. The Common Gateway Interface (CGI) component improperly handles user-supplied input, allowing a remote, unauthenticated attacker to inject arbitrary JavaScript that is persistently stored and executed when the affected interface is accessed.
CVE-2025-66720 1 Free5gc 1 Pcf 2026-02-11 7.5 High
Null pointer dereference in free5gc pcf 1.4.0 in file internal/sbi/processor/ampolicy.go in function HandleDeletePoliciesPolAssoId.
CVE-2025-66719 1 Free5gc 1 Nrf 2026-02-11 9.1 Critical
An issue was discovered in Free5gc NRF 1.4.0. In the access-token generation logic of free5GC, the AccessTokenScopeCheck() function in file internal/sbi/processor/access_token.go bypasses all scope validation when the attacker uses a crafted targetNF value. This allows attackers to obtain an access token with any arbitrary scope.
CVE-2025-67124 1 Svenstaro 1 Miniserve 2026-02-11 6.8 Medium
A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization (when uploads are enabled) can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination directory (e.g., shared writable directory/volume).
CVE-2025-67125 1 Docopt 1 Docopt.cpp 2026-02-11 4.4 Medium
A signed integer overflow in docopt.cpp v0.6.2 (LeafPattern::match in docopt_private.h) when merging occurrence counters (e.g., default LONG_MAX + first user "-v/--verbose") can cause counter wrap (negative/unbounded semantics) and lead to logic/policy bypass in applications that rely on occurrence-based limits, rate-gating, or safety toggles. In hardened builds (e.g., UBSan or -ftrapv), the overflow may also result in process abort (DoS).
CVE-2025-69908 2 Newgen, Newgensoft 2 Omniapp, Omniapp 2026-02-11 7.5 High
An unauthenticated information disclosure vulnerability in Newgen OmniApp allows attackers to enumerate valid privileged usernames via a publicly accessible client-side JavaScript resource.
CVE-2025-56083 1 Ruijie 10 Reyee Os, Rg-eap602, Rg-eap602 Firmware and 7 more 2026-02-11 8.8 High
OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_networkId_merge.lua.
CVE-2025-56084 1 Ruijie 10 Reyee Os, Rg-eap602, Rg-eap602 Firmware and 7 more 2026-02-11 8.8 High
OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226_EW1800GX-PRO_10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.
CVE-2025-56099 1 Ruijie 10 Reyee Os, Rg-eap602, Rg-eap602 Firmware and 7 more 2026-02-11 8.8 High
OS Command Injection vulnerability in Ruijie RG-YST AP_3.0(1)B11P280YST250F allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua.
CVE-2021-47895 2 Nsasoft, Nsauditor 2 Nsauditor, Nsauditor 2026-02-11 7.5 High
Nsauditor 3.2.2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Event Description field with a large buffer. Attackers can generate a 10,000-character 'U' buffer and paste it into the Event Description field to trigger an application crash.
CVE-2025-56113 1 Ruijie 11 Reyee Os, Rg-eap602, Rg-eap602 Firmware and 8 more 2026-02-11 8.8 High
OS Command Injection vulnerability in Ruijie RG-YST EST, YSTAP_3.0(1)B11P280YST250F V1.xxV2.xx allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua.
CVE-2025-47402 1 Qualcomm 189 Ar8035, Ar8035 Firmware, Cologne and 186 more 2026-02-11 6.5 Medium
Transient DOS when processing a received frame with an excessively large authentication information element.
CVE-2025-70983 2 Bladex, Springblade Project 2 Springblade, Springblade 2026-02-11 9.9 Critical
Incorrect access control in the authRoutes function of SpringBlade v4.5.0 allows attackers with low-level privileges to escalate privileges.
CVE-2025-67264 1 Doogee 7 Note59, Note59 Firmware, Note59 Pro and 4 more 2026-02-11 7.8 High
An OS command injection vulnerability in the com.sprd.engineermode component in Doogee Note59, Note59 Pro, and Note59 Pro+ allows a local attacker to execute arbitrary code and escalate privileges via the EngineerMode ADB shell, due to incomplete patching of CVE-2025-31710